Differential power analysis (DPA) attacks can obtain the secret key in a cryptographic device within feasible time and at a reasonable cost. In order to protect cryptographic devices from DPA attacks, various techniques have been proposed as a countermeasure. All existing countermeasures, however, consume a significant amount of dynamic power to hide or mask the load power information.
Converter-reshuffling (CoRe) technique has recently been proposed as a power-efficient countermeasure against differential power analysis (DPA) attacks by randomly reshuffling the individual stages within a multiphase switched-capacitor voltage converter. This randomized reshuffling of the converter stages inserts noise to the monitored power profile and prevents an attacker from extracting the correct input power data. The total number of activated phases within a switch period, however, still correlates with the dynamic power consumption of the workload. To break the one-to-one relationship between the monitored and actual power consumption, a charge-withheld CoRe technique is proposed in this brief by utilizing the flying capacitors to withhold a random amount of charge for a random time period.
The number of required converter stages is determined based on the workload information, whereas the activation pattern of these stages is determined by a pseudorandom number generator (PRNG) to scramble the input power profile of the voltage converter. As a result, an attacker is unable to synchronize the sampling frequency of the leakage data that are sampled by the attacker. Alternatively, if the attacker is able to synchronize the attack with the switching frequency of the on-chip voltage converter by using machine-learning (ML) attacks, the scrambled power data can be unscrambled by the attacker, and the CoRe technique may effectively be neutralized. The reason is that the total number of activated phases within a switch period has a high correlation with the load power dissipation.